The following patchset attempts to make knfsd more friendly to containers
that are set up with container-level uid/gid mapping.

The principles used are as follows:
- Assume upcalls for idmapping and RPCSEC_GSS should make use of the
  user namespace of the idmapper/rpcsec_gss daemon, which can be
  extracted from the cred used to open the upcall/downcall pseudo file.
- Assume downcalls may use the current_user_ns(), since the process
  context is that of the userland daemon that performs the downcall.
- Assume that wire protocols are mapped with the user namespace of the
  process that started the knfsd server in the first place. i.e. that
  AUTH_UNIX and possibly the SETATTR/GETATTR uids and gids belong to
  the same user namespace as the process that started knfsd.

This should ensure that knfsd matches the behaviour of a generic
userspace NFS server running in the same circumstances.

---
v2: Temporary server sockets need to inherit the cred from their parent

Trond Myklebust (6):
  SUNRPC: Cache the process user cred in the RPC server listener
  SUNRPC: Temporary sockets should inherit the cred from their parent
  lockd: Pass the user cred from knfsd when starting the lockd server
  SUNRPC: Fix the server AUTH_UNIX userspace mappings
  SUNRPC: rsi_parse() should use the current user namespace
  nfsd: knfsd must use the container user namespace

 fs/lockd/clntlock.c               |  4 ++--
 fs/lockd/svc.c                    | 29 +++++++++++++++++------------
 fs/nfs/callback.c                 |  7 +++++--
 fs/nfs/client.c                   |  1 +
 fs/nfsd/export.c                  | 18 ++++++++++--------
 fs/nfsd/nfs3xdr.c                 | 21 +++++++++++----------
 fs/nfsd/nfs4idmap.c               |  8 ++++----
 fs/nfsd/nfs4xdr.c                 |  5 +++--
 fs/nfsd/nfsctl.c                  | 16 ++++++++--------
 fs/nfsd/nfsd.h                    |  9 ++++++++-
 fs/nfsd/nfssvc.c                  | 16 ++++++++--------
 fs/nfsd/nfsxdr.c                  | 17 +++++++++--------
 include/linux/lockd/bind.h        |  3 ++-
 include/linux/sunrpc/svc_xprt.h   |  4 +++-
 include/linux/sunrpc/svcsock.h    |  3 ++-
 net/sunrpc/auth_gss/svcauth_gss.c |  6 +++---
 net/sunrpc/svc_xprt.c             | 17 +++++++++++------
 net/sunrpc/svcauth_unix.c         | 15 +++++++++------
 net/sunrpc/svcsock.c              |  4 +++-
 19 files changed, 119 insertions(+), 84 deletions(-)

-- 
2.20.1
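
Added example (not part of the patchset or the posted message): a userspace C model of uid translation through a map of the /proc/<pid>/uid_map form, showing why it matters which user namespace an AUTH_UNIX wire uid is interpreted in. The function names, the two maps and the 100000 offset are constructed for illustration and are not kernel code.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define INVALID_ID ((uint32_t)-1)

/* One uid_map line: ids [first, first+count) inside the namespace
 * correspond to [lower_first, lower_first+count) outside it. */
struct id_extent { uint32_t first, lower_first, count; };
struct id_map { const struct id_extent *ext; size_t n; };

/* Namespace-local id (e.g. a uid from the wire) -> host-global id.
 * Returns INVALID_ID when the id has no mapping in this namespace. */
uint32_t map_id_down(const struct id_map *m, uint32_t id)
{
    for (size_t i = 0; i < m->n; i++) {
        const struct id_extent *e = &m->ext[i];
        if (id >= e->first && id - e->first < e->count)
            return e->lower_first + (id - e->first);
    }
    return INVALID_ID;
}

/* Host-global id -> namespace-local id (e.g. an owner sent in a reply). */
uint32_t map_id_up(const struct id_map *m, uint32_t kid)
{
    for (size_t i = 0; i < m->n; i++) {
        const struct id_extent *e = &m->ext[i];
        if (kid >= e->lower_first && kid - e->lower_first < e->count)
            return e->first + (kid - e->lower_first);
    }
    return INVALID_ID;
}

/* Constructed maps: identity map for the initial namespace, and a
 * container whose ids 0..65535 are host ids 100000..165535. */
static const struct id_extent init_ext[] = { { 0, 0, 4294967295u } };
static const struct id_extent ctr_ext[]  = { { 0, 100000, 65536 } };
const struct id_map init_ns      = { init_ext, 1 };
const struct id_map container_ns = { ctr_ext, 1 };

int main(void)
{
    uint32_t wire_uid = 0; /* AUTH_UNIX credential claiming root */
    printf("initial ns:   wire uid %u -> host uid %u\n",
           wire_uid, map_id_down(&init_ns, wire_uid));
    printf("container ns: wire uid %u -> host uid %u\n",
           wire_uid, map_id_down(&container_ns, wire_uid));
    return 0;
}
```

Interpreted in the initial namespace, wire uid 0 is host root; interpreted in the namespace of the process that started the server, the same wire uid is an unprivileged host uid, and ids outside the container's range have no mapping at all.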